nrasix/Auto-API

AutoRepair.API

A self-developed project for an auto repair shop, where orders are accepted more conveniently through a web interface.

Stack

  • .NET 10 / ASP.NET Core Web API MVC
  • Entity Framework Core 10
  • Npgsql (PostgreSQL)
  • JWT authentication
  • Mapster (DTO/model mapping)
  • Swagger/OpenAPI
  • Bogus (fake data generation)

Project structure

  • AutoRepair.API - Web API, controllers, and routes
  • AutoRepair.App - business layer, DTOs, services
  • AutoRepair.Core - domain contracts, models, utilities
  • AutoRepair.DataAccess - EF Core entities, configuration, repositories
  • AutoRepair.Infrastracture - authentication, extensions, settings
  • AutoRepair.Tests - unit tests

Models and relationships

Main entities

| Entity | Fields | Notes |
|---|---|---|
| AccountEntity | Id, Login, PasswordHash, Role | stores user data, role, and refresh token relation 1:* |
| EmployeeEntity | Id, FullName, PhoneNumber, Position, AccountId | 1:1 with AccountEntity; has Orders |
| SupplierEntity | Id, CompanyName, PhoneNumber, AccountId | 1:1 with AccountEntity; has SpareParts |
| CarEntity | Id, CarNumber, Vin, Brand, Model, YearOfManufacture | has Orders |
| OrderEntity | Id, DateAccept, DateDelivery, TypeOfWork, Price, CarId, EmployeeId | belongs to one car and one employee; contains OrderSparePartEntity |
| SparePartEntity | Id, Name, Quantity, Price, SupplierId | belongs to one supplier |
| OrderSparePartEntity | OrderId, SparePartId, Quantity, Price | relation between order and spare part |

Relationships

  • Car 1..* Order
  • Employee 1..* Order
  • Order *..* SparePart through OrderSparePart
  • Supplier 1..* SparePart
  • Employee and Supplier are linked to Account 1..1
  • Account 1..* RefreshToken

Architectural roles and permissions

Roles and policies

Roles are defined by AccountEntity.Role and checked by the PolicyName policy.

Policies in AutoRepair.Infrastracture.Extensions.AuthExtension:

  • AdminOnly

    • includes Permission.ManageEverything
    • full access to account management, entity deletion, and employee/supplier creation
  • Employee

    • permissions to view and manage orders, cars, employees, and suppliers
    • includes OrderCreate, OrderEdit, OrderView, CarCreate, CarView, CarEdit, EmployeeView, SupplierView
  • Supplier

    • permissions to create and manage spare parts
    • includes SparePartCreate, SparePartEdit
  • EditAccountData

    • permission to edit own account/entity data
    • used for updating employee and supplier data
  • SparePartViewAndEdit

    • permission to view and edit spare part information
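
A sketch of how permission-backed policies like the ones listed above can be registered in ASP.NET Core. This is an added example, not the repository's AuthExtension code. The policy and permission names are taken from this README; the role names, the role-to-permission table, the rule that a policy passes only when the role holds every listed permission, and the use of ClaimTypes.Role in the JWT are assumptions.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Permission names come from the README; the enum shape is assumed.
public enum Permission { ManageEverything, OrderCreate, OrderEdit, OrderView, CarCreate,
    CarView, CarEdit, EmployeeView, SupplierView, SparePartCreate, SparePartEdit }

public sealed class PermissionRequirement : IAuthorizationRequirement
{
    public PermissionRequirement(params Permission[] required) => Required = required;
    public IReadOnlyList<Permission> Required { get; }
}

public sealed class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    // Hypothetical role-to-permission table; the role names are assumptions.
    private static readonly Dictionary<string, HashSet<Permission>> Granted = new()
    {
        ["Admin"] = new() { Permission.ManageEverything },
        ["Employee"] = new() { Permission.OrderCreate, Permission.OrderEdit, Permission.OrderView,
            Permission.CarCreate, Permission.CarView, Permission.CarEdit,
            Permission.EmployeeView, Permission.SupplierView },
        ["Supplier"] = new() { Permission.SparePartCreate, Permission.SparePartEdit },
    };
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        var role = context.User.FindFirst(ClaimTypes.Role)?.Value;
        if (role is not null && Granted.TryGetValue(role, out var held) &&
            (held.Contains(Permission.ManageEverything) || held.IsSupersetOf(requirement.Required)))
            context.Succeed(requirement);
        return Task.CompletedTask; // no Succeed call: unknown or missing roles are denied
    }
}

public static class PermissionPolicySketch
{
    public static IServiceCollection AddPermissionPolicies(this IServiceCollection services) =>
        services.AddSingleton<IAuthorizationHandler, PermissionHandler>().AddAuthorization(o =>
        {
            o.AddPolicy("AdminOnly", p => p.AddRequirements(new PermissionRequirement(Permission.ManageEverything)));
            o.AddPolicy("Employee", p => p.AddRequirements(new PermissionRequirement(
                Permission.OrderCreate, Permission.OrderEdit, Permission.OrderView, Permission.CarCreate,
                Permission.CarView, Permission.CarEdit, Permission.EmployeeView, Permission.SupplierView)));
            o.AddPolicy("Supplier", p => p.AddRequirements(new PermissionRequirement(Permission.SparePartCreate, Permission.SparePartEdit)));
        });
}
```

A policy of this kind only answers "may this role call the endpoint"; whether the caller may touch a particular record is a separate per-resource check, which is the job the README assigns to the ownership checks.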

Specific checks

  • ICurrentUser.IsCorrectData is used to verify that the user is operating on their own data.
  • IAuthorizationOwnerService.IsOwnerAsync checks ownership when editing Employee and Supplier.

API methods and entities

Account / Auth

  • POST api/auth/register - register a new account (AdminOnly only)
  • POST api/auth/login - login, issue JWT, and save refresh token in a cookie
  • POST api/auth/logout - logout, remove refresh token
  • POST api/auth/refresh - refresh access/refresh tokens
  • PATCH api/auth/change-password - change the password of the authenticated user
  • GET api/auth/accounts - get list of accounts (AdminOnly only)
  • DELETE api/auth/accounts/{id} - delete an account (AdminOnly only)

Cars

  • POST api/cars - create a car (Employee)
  • GET api/cars - get list of cars (Employee)
  • GET api/cars/{id} - get car by ID (Employee)
  • GET api/cars/number/{carNumber} - find car by number (Employee)
  • GET api/cars/vin/{vin} - find car by VIN (Employee)
  • PATCH api/cars/{id} - partially update a car (Employee)
  • DELETE api/cars/{id} - delete a car (AdminOnly)

Orders

  • GET api/orders/{id} - get order by ID (Employee)
  • GET api/orders - get list of orders (Employee)
  • POST api/orders - create an order (Employee)
  • PATCH api/orders/{id} - update an order (Employee, current user validation)
  • DELETE api/orders/{id} - delete an order (AdminOnly)

Employees

  • POST api/employees - create an employee (AdminOnly)
  • DELETE api/employees/{id} - delete an employee (AdminOnly)
  • PATCH api/employees/{id} - edit an employee (EditAccountData, owner only)
  • GET api/employees - get list of employees (Employee)
  • GET api/employees/{id} - get employee by ID (Employee)
  • GET api/employees/fullName/{fullName} - find employee by full name (Employee)

SpareParts

  • POST api/spareParts - create a spare part (Supplier)
  • PATCH api/spareParts/{id} - update a spare part (SparePartViewAndEdit, current user validation)
  • DELETE api/spareParts/{id} - delete a spare part (AdminOnly)
  • GET api/spareParts - get list of spare parts (SparePartViewAndEdit)
  • GET api/spareParts/{id} - get spare part by ID (SparePartViewAndEdit, current user validation)
  • GET api/spareParts/name/{name} - find spare part by name (SparePartViewAndEdit, current user validation)

Suppliers

  • POST api/suppliers - create a supplier (AdminOnly)
  • PATCH api/suppliers/{id} - edit a supplier (EditAccountData, owner only)
  • DELETE api/suppliers/{id} - delete a supplier (AdminOnly)
  • GET api/suppliers - get list of suppliers (Employee)
  • GET api/suppliers/{id} - get supplier by ID (requires correct user)
  • GET api/suppliers/companyName/{companyName} - find supplier by company name (requires correct user)

Running the application with Docker

To run the application using Docker and Docker Compose:

  1. Ensure you have Docker and Docker Compose installed on your system.

  2. Navigate to the Backend directory:

    cd Backend

  3. Build and start the containers:

    docker-compose up -d

  4. The API will be available at http://localhost:5000 (or the port specified in your configuration).

  5. To view logs:

    docker-compose logs -f

  6. To stop the containers:

    docker-compose down

Environment configuration

Ensure that the appropriate environment variables are set in the docker-compose.yml file or in the .env file before running the containers. Check the appsettings.json and appsettings.Development.json for required configuration.

Database migrations

Migrations are automatically applied when the container starts. If you need to manually run migrations, you can use:

    docker-compose exec api dotnet ef database update
